"In almost all the cases, we have observed that the exposure has got seasoned as an NPA for three to four years before the borrower was declared fraudulent....Banks and bankers could be charged for abetting the criminal offence. My call to you therefore, is to identify and declare the account as fraud without wasting time," Mundra said, adding that as much as 92 per cent of financial frauds are loan-related.
In the remarks made during a closed door bankers' event on Monday and published late last evening, Mundra said delay in reporting of a fraud can have "far-reaching implications on the employee conduct and internal governance standards".
Mundra did not refer to any particular case while making the remarks, which came days after the entire brass of state-run IDBI Bank was arrested for allegedly conniving to sanction loans for the fugitive businessman Vijay Mallya.
Mundra also said despite Reserve Bank raising flags on cyber security, banks continue to have "significant" gaps in their architectures and asked the boards of respective banks to monitor the same.
More From This Section
"The assessment reveals that barring a few banks the gaps are indeed significant, more so in respect of public sector banks," he said.
"This warrants immediate and continued attention of the board and senior management of banks," he said.
Citing the recent incidents of ATM and debit card frauds which resulted in millions of debit cards being replaced, Mundra said there is a need to appoint a chief information security officer (CISO) and radically change budgeting for cyber security.
millions were lost to fraudsters, the domestic banking system has witnessed "an attempt" to defraud a bank through the abuse of SWIFT messaging system, but there was no monetary loss, Mundra said.
Referring to increased adoption of digital technologies, especially in the wake of note ban, Mundra said while the benefits of technology were obvious, we need to be "conscious of security aspects as well".
He said the RBI has come out with a framework on security under which 30 major banks will undergo a detailed 'IT examination' this fiscal, while all other lenders will be covered in the next fiscal.
The commercial banker-turned-central banker said banks react to cyber incidents in a "knee-jerk and ad-hoc manner" which can jeopardise future probes, and urged them to report incidents quickly by sticking to the stipulated 2 to 6 hour window.
The RBI has also observed that there are certain loose ends in the security framework like in configuration of devices, patch management, OEM-supported software, password management or port management. These are ignored or entirely left to the vendors resulting in an "undesirable impact".
Even though knowledge of cyber-related aspects is relevant for all stakeholders including board members, Mundra said the RBI has observed that this is "ignored".
In the face of rapid changes in technology, Mundra also questioned whether there is a need to employ newer and newer technology enabled products at a fast pace.
"My point is frequent introduction of new technology may only end up stretching human resources beyond their capabilities and might eventually prove counter-productive," he added.